1. Technical Field
The present disclosure relates generally security and, more particularly, to a method and system for authentication in a computer network.
2. Description of the Related Art
Web services are automated resources that can be accessed by the Internet and provide a way for computers to communicate with one another. Web services use “Extensible Markup Language” (XML) to transmit data. XML is a human readable language that is used for tagging the data that is used by web services.
A computer system using web services can use a “Universal Discovery, Description and Integration” (UDDI) protocol. Computer system(s) as referred to herein may include(s) individual computers, servers, computing resources, and/or networks, etc. UDDI is a web based globally distributed directory that exposes information about service providers, service implementations, and service metadata. UDDI is similar to a phone book's yellow pages because it allows service providers, such as businesses, to advertise the services that they offer and allows service consumers to discover services that meet their needs.
The UDDI standard is fundamental to the newly emerging network of web services. Security efforts can be undertaken to prevent intruders from being able to access critical data that is exposed by UDDI. One way to attempt to provide security occurs at the network layer and utilizes a single username and a password combination from a user in order to gain access to critical data. However, the UDDI standard does not specify how the publication of data into a UDDI repository is to be done in a secure manner. This leaves a major security hole in the UDDI standard.
FIG. 2 shows an example of a type of authentication mechanism that uses an authentication token. An authentication token is a system that is used to identify a user in a computer system, such as a network. A client 201 transmits a request to a server 202 for an authentication token 204. The request contains a username and password 203. For example, the request can be carried out through a get_authToken Application Programming Interface (API) that obtains the authentication token from a UDDI enabled server 202. In response to the client's 201 request, the server 202 transmits the authentication token 204 to the client 201. The authentication token 204 may contain authentication information, allowing the client 201 to gain access to a UDDI repository which may be local to server 202 or remote therefrom.
However, such authentication mechanisms can be susceptible to attack and allow unauthorized users to take advantage of system vulnerabilities. For example, an unauthorized user, such as a hacker, would potentially need only one username and one password to gain access to critical data. Password sniffers can easily allow unauthorized users to collect these usernames and passwords, thereby compromising system security.
Accordingly, it would be beneficial to provide a reliable and effective authentication mechanism to ensure that the UDDI protocol can be used securely.